Quantum computers have been a sometimes more and sometimes less hotly debated topic in information technology since the 1990s. The promises of the technology are many-sided, and especially because of the groundbreaking computing power a quantum computer is arguably capable of, the upcoming completion of such a computer in the future is often referred to as the next age of computing. But the technology also offers cause for concern, especially for data and information security, when today’s common encryption methods could suddenly be easily cracked within hours, minutes, or even seconds. This blog post is intended to briefly present the issues and reflect the current state of “post-quantum encryption.”

## What is Quantum Computing?

To begin addressing why quantum computers might pose problems for the security of data and information encryption, it is first necessary to clarify what makes quantum computers so special in the first place.

Since this topic is very complex and of course more technical than this blog post can be (or wants to be), the following explanation remains relatively superficial. Further explanations can be found in the references at the end of the post.

While in “classical” computer systems data are encoded in “bits” as either zero or one, quantum computers use so-called “qubits“, which can be both zero and one at the same time. This has an impact on the performance of the system because, in contrast to a classical bit, each qubit can perform two calculations simultaneously. With an increasing number of qubits, the computing power of a quantum computer increases exponentially. [1, 2, 3, 4]

Important for the topic of this post is only that quantum computers are considerably more powerful than the technology of today’s computers and also the currently existing supercomputers could ever be.

## Quantum Computing and Today’s Encryption

Today’s “state of the art” encryption methods are usually based on algorithms that are extremely difficult to crack without knowledge of the correct key and will be impossible in the foreseeable future. They benefit from the high complexity of mathematical problems, which are difficult or very slow to compute with today’s computer systems. [2]

This is exactly where quantum computers come into play. Due to their ability to solve extremely complex mathematical problemsin no time, it might be possible for them to decrypt such encryption methods with ease and at high speed. [2, 5, 6]

Of course, research has been going on for years on so-called “post-quantum cryptography” methods, i.e. encryption algorithms which are at least as difficult to crack even for high-performance quantum computers as previous methods for our computers today. [5, 6]

Leading technology institutes such as the U.S. National Institute of Standards and Technology (NIST), the European Union Agency for Cybersecurity (ENISA), and also research institutes of Microsoft, Google Amazon, Cisco, IBM and others have been researching “quantum-resistant encryption” for a long time and are already testing concrete implementations of these methods. [5, 6, 7, 8, 9, 10]

The Open Quantum Safe project, for example, already implements corresponding algorithms for OpenSSL and OpenSSH, which are widely used software components that are used in many applications that communicate with the Internet. The software offered by ViOffice also uses such components. Nevertheless, a consequent investigation of possible post-quantum encryption methods and their subsequent implementation still needs a lot of time – just like the development of actually usable quantum computers will still need some time. [2, 9]

## Outlook

Quantum computers have been seen as the next evolutionary step in computing for decades. But as is so often the case, advances in performance present us with major security problems. Security methods and encryption algorithms have had to constantly improve, be replaced and fundamentally rethought over the past decades. For a leap in development, as with quantum computers, this is accordingly particularly noticeable. Nevertheless, there are already many different concepts that could solve the problem for the time being – at least until the next groundbreaking advancement in computer technology.

## Sources

- Choi, C. (2022): Quantum Computing for Dummies. URL: https://spectrum.ieee.org/quantum-computing-for-dummies
- Tutanota: Warum wir jetzt quantenresistente Kryptographie brauchen. URL: https://tutanota.com/de/blog/quantum-resistant-cryptography
- Lopez, S. et al. (2023): Grundlegendes zu Quantencomputing. URL: https://learn.microsoft.com/de-de/azure/quantum/overview-understanding-quantum-computing
- Gillis, S. (2023): Quantum Computing. URL: https://www.computerweekly.com/de/definition/Quantum-Computing-Quantencomputing
- NIST (2022): NIST Announces First Four Quantum-Resistant Cryptographic Algorithms. URL: https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms
- ENISA (2022): Post-Quantum Cryptography: Anticipating Threats and Preparing the Future. URL: https://www.enisa.europa.eu/news/enisa-news/post-quantum-cryptography-anticipating-threats-and-preparing-the-future
- Chase, M. et al. (2017): The Picnic Signature Scheme. URL: https://github.com/Microsoft/Picnic/blob/master/spec/design-v1.0.pdf
- Bouncycastle (2013): About the Legion of the Bouncy Castle. URL: https://bouncycastle.org/about.html
- Open Quantum Safe Project (2017): About the Open Quantum Safe project. URL: https://openquantumsafe.org/about/
- ENISA (2021): Post-Quantum Cryptography: Current state and quantum mitigation. URL: https://www.enisa.europa.eu/publications/post-quantum-cryptography-current-state-and-quantum-mitigation

Jan is co-founder of ViOffice. He is responsible for the technical implementation and maintenance of the software. His interests lie in particular in the areas of security, data protection and encryption.

In addition to his studies in economics, later in applied statistics and his subsequent doctorate, he has years of experience in software development, open source and server administration.